jeremylong / DependencyCheck

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
https://owasp.org/www-project-dependency-check/
Apache License 2.0
5.93k stars 1.21k forks source link

build(deps): bump com.github.spotbugs:spotbugs-annotations from 4.8.4 to 4.8.5 #6653

Closed dependabot[bot] closed 1 week ago

dependabot[bot] commented 1 week ago

Bumps com.github.spotbugs:spotbugs-annotations from 4.8.4 to 4.8.5.

Release notes

Sourced from com.github.spotbugs:spotbugs-annotations's releases.

SpotBugs 4.8.5

CHANGELOG

Fixed

CHECKSUM

file checksum (sha256)
spotbugs-4.8.5-javadoc.jar c8abae80768a5cd98bb09d13ae8baee1258efaf673e4c21688a581a8bc55cbe6
spotbugs-4.8.5-sources.jar c21daa57e931c0ea342de685884251e198ea3a48993a6d4c0ac8a9513fc8dd89
spotbugs-4.8.5.tgz c514054fd8f81f242ac6d64871d30bdb7b79cb49be7bd6b58067484efae8bfa0
spotbugs-4.8.5.zip a4b7bad5bb8d2d3cdc42b07d6cdd2a0d7864c0b24732120426d0002df4a9dd0f
spotbugs-annotations-4.8.5-javadoc.jar 5e35895e56ea0c2c4beb71a5b6962070d7a7092a79297419482c123c14324096
spotbugs-annotations-4.8.5-sources.jar b5d0110b70b9c44915f2c3375d1b700acb6d409152baf70030787d17a684469b
spotbugs-annotations.jar 6e63acb693f156e4fb79151b88f9eebe731b4da65fe12843503613e0d6e6f68d
spotbugs-ant-4.8.5-javadoc.jar b2807de49cc2e6d733285be3c22a4ef5a51cc95e266b6b93174fc41968eb7738
spotbugs-ant-4.8.5-sources.jar 9f1431331363f45ceb9b91c0e5246eab574fbff81c56eff0e385f572d346de61
spotbugs-ant.jar a798346790437cdc18217379fa54a7e6b044ba2070891ebe01faee28af79af6c
spotbugs.jar 4b0809797d9e05685ef97ec92c9ae1fdabf9e63368948a66badd934183b807d0
test-harness-4.8.5-javadoc.jar f5c977da2391ef6b7237e3b89a9be56ff82fdbe4d7c59c4f1f854e79fb28142d
test-harness-4.8.5-sources.jar 76788749afa9e2a8d6c39231f683bd8e3faab26947975c751c0ab0fbdfc3c17a
test-harness-4.8.5.jar 04c7c8e778a1688ab9636ab58b55f1236ae99bb5428a934a7ba0f54857263c74
test-harness-core-4.8.5-javadoc.jar 9258f6be3c3a1a4103b268b3c528a7ed0530c54b83d10bccb3c20aed6e38d2ec
test-harness-core-4.8.5-sources.jar f5db3e4ebf3f90c9bbf4815824c9d94f93fb740c9610b6f70a64bf7896a4e082
test-harness-core-4.8.5.jar 30c2b71900f38b77fb0e4a788b8ae1ea5b9e54f42636111576e338085c9c53dd
test-harness-jupiter-4.8.5-javadoc.jar 18e10f9ae7f4c88a8a7790d4ea5e9422901c6a84a768e6961b6d8ce2bc07b9ea
test-harness-jupiter-4.8.5-sources.jar 0aefbc5c8bd406e5dc0b1d59bc3afc6889c02010d486b22242f4f19a1a935800
test-harness-jupiter-4.8.5.jar 94c5ceecb79b93f5e357b5d9805f0a7a22536a52c70a376182faa14923d86021
Changelog

Sourced from com.github.spotbugs:spotbugs-annotations's changelog.

4.8.5 - 2024-05-03

Fixed

  • Fix FP SING_SINGLETON_GETTER_NOT_SYNCHRONIZED with eager instances (#2932)
  • Fix FPs when looking for multiple initialization of Singletons (#2934)
  • Do not report DLS_DEAD_LOCAL_STORE for Java 21's type switches when switch instruction is TABLESWITCH(#2736)
  • Fix FP SE_BAD_FIELD for record fields ([#2935]spotbugs/spotbugs#2935)
Commits
  • 1dbd799 release v4.8.5
  • 3d69e18 fix(deps): update dependency com.google.errorprone:error_prone_annotations to...
  • 0a55a48 fix(deps): update dependency org.checkerframework:checker-qual to v3.43.0 (#2...
  • 73f951c fix(deps): update dependency com.google.guava:guava to v33.2.0-jre (#2977)
  • 7120077 chore(deps): update plugin com.github.spotbugs to v6.0.13 (#2974)
  • bdc61bd fix(deps): update dependency checkstyle to v10.16.0 (#2973)
  • 3f79bad fix(deps): update dependency org.testng:testng to v7.10.2 (#2972)
  • bebfdf8 Fix FPs with multiple initialization of Singletons (#2951)
  • e8a364a fix(deps): update dependency org.apache.bcel:bcel to v6.9.0 (#2971)
  • dd05438 fix(deps): update dependency com.google.errorprone:error_prone_annotations to...
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)